[
https://issues.apache.org/jira/browse/FLUME-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498667#comment-17498667
]
Kaushik Macherla commented on FLUME-3396:
-----------------------------------------
[~rgoers] - At SAP, we are using the latest version of Apache Flume -
[apache-flume-1.9.0.|http://www.apache.org/dyn/closer.lua/flume/1.9.0/apache-flume-1.9.0-bin.tar.gz]As
we understand this uses log4j-1.2.17.jar.
Since this log4j version is end of life, as per the compliance policy at SAP
and to reduce vulnerabilities, we are required to upgrade to use log4j 2.17.1
for both direct and indirect usages.
Can you please help provide the fix version for providing Apache Flume version
using log4j 2.17.1?
Appreciate you help.
> log4j upgrade from 1.x to latest 2.x
> ------------------------------------
>
> Key: FLUME-3396
> URL: https://issues.apache.org/jira/browse/FLUME-3396
> Project: Flume
> Issue Type: Question
> Affects Versions: 1.9.0
> Reporter: Kuldeep Singh
> Priority: Major
>
> Hi Team,
> As we know that Log4j 1.x has reached its end-of-life in 2015 and we are no
> longer getting any support on that outdated version. Its quite risky to run
> flume and respective plugins with outdated and unmaintained dependencies.
> Do you have any plan to upgrade the recent Log4j 2 version? (Obviously with
> CVE-2021-44228 fixes)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
